Paddy Horan created ARROW-7006:
----------------------------------

Summary: [Rust] Bump flatbuffers version to avoid vulnerability
Key: ARROW-7006
URL: https://issues.apache.org/jira/browse/ARROW-7006
Project: Apache Arrow
Issue Type: Improvement
Affects Versions: 0.15.0
Reporter: Paddy Horan

From GitHub user emilk:

[{{cargo audit}}|https://github.com/RustSec/cargo-audit] output:

{{ID: RUSTSEC-2019-0028
Crate: flatbuffers
Version: 0.5.0
Date: 2019-10-20
URL: https://github.com/google/flatbuffers/issues/5530
Title: Unsound `impl Follow for bool`}}

The fix should be as simple as editing [https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml] from {{flatbuffers = "0.5.0"}} to {{flatbuffers = "0.6.0"}}

A more long-term improvement is to add a call to {{cargo audit}} in your CI to catch these problems as early as possible.
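
The advisory title refers to producing a Rust `bool` by reinterpreting a byte taken from an untrusted buffer, which is undefined behaviour for any value other than 0 or 1. The block below is an added example, not code from flatbuffers, Arrow, or the issue reporter; the function and type names are hypothetical, and it shows two sound ways to decode a one-byte bool field.

```rust
// Added illustration; names are hypothetical, not the flatbuffers API.
// Unsound pattern (described, not shown): casting or transmuting a byte
// from the buffer to `bool`. Rust only permits the bit patterns 0 and 1.

#[derive(Debug, PartialEq)]
pub enum BoolError {
    OutOfBounds,
    InvalidByte(u8),
}

/// Lenient read: any non-zero byte is `true`. Sound because the `bool`
/// comes from a comparison, never from reinterpreting the byte.
pub fn read_bool_lenient(buf: &[u8], loc: usize) -> Result<bool, BoolError> {
    buf.get(loc).map(|b| *b != 0).ok_or(BoolError::OutOfBounds)
}

/// Strict read: reject every byte other than 0 or 1, so malformed or
/// tampered input is surfaced instead of silently normalised.
pub fn read_bool_strict(buf: &[u8], loc: usize) -> Result<bool, BoolError> {
    match buf.get(loc).copied() {
        None => Err(BoolError::OutOfBounds),
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(b) => Err(BoolError::InvalidByte(b)),
    }
}

/// Offsets in `buf` whose byte is not a valid `bool` representation.
pub fn invalid_bool_offsets(buf: &[u8], locs: &[usize]) -> Vec<usize> {
    locs.iter()
        .copied()
        .filter(|&l| read_bool_strict(buf, l).is_err())
        .collect()
}

fn main() {
    // Constructed sample buffer: bool fields at offsets 0, 1 and 2.
    let buf = [0x00u8, 0x01, 0x02];
    for loc in 0..4 {
        println!(
            "offset {}: lenient={:?} strict={:?}",
            loc,
            read_bool_lenient(&buf, loc),
            read_bool_strict(&buf, loc)
        );
    }
}
```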